What AI assistants do with your data after you press send
A side-by-side look at ChatGPT, Claude, and Gemini: retention windows, training opt ins, safety reviewers, and what “delete my chat” actually means. Cited from the providers’ own pages.
Pressing send is not the end of the message. Once a conversation reaches the provider, it lives in several systems with different retention rules and different rules about who can read it. The three big consumer assistants are OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini. Their policies look broadly similar in shape but differ in defaults, retention windows, and how easy the relevant toggles are to find.
ChatGPT, Claude and Gemini policies
The table below summarizes what each provider says about its consumer free tier as of early 2026. Enterprise plans, the API, and Vertex AI all have stricter terms; they are covered further down.
| Policy area | ChatGPT (OpenAI) | Claude (Anthropic) | Gemini (Google) |
|---|---|---|---|
| Used to train models by default | Yes, on consumer free and Plus tiers, unless you turn it off in settings [3] | Off by default; you can opt in. Once opted in, conversations may be used for up to 5 years [2] | Yes, when Gemini Apps Activity is on (default). A subset is sampled and reviewed by humans [4] |
| Standard chat retention | Stored as long as your account is active; deleted chats removed within 30 days [3] | Stored as long as you keep them; deleted chats removed within 30 days [1] | Default 18 months when activity is on; user-adjustable to 3 or 36 months. With activity off, kept for up to 72 hours for service delivery [4] |
| Human reviewers may read messages | Yes, for safety, abuse, and policy enforcement [3] | Yes, for trust & safety review of flagged content [1] | Yes. Reviewed conversations are stored separately for up to 3 years, disconnected from your Google account [4] |
| Safety / flagged content retention | Not specifically published; governed by the general retention policy [3] | Up to 2 years for inputs/outputs flagged for review; classification scores up to 7 years [1] | Up to 3 years for human-reviewed conversations [4] |
| What “delete” covers | Removed from active systems immediately; purged from backups within 30 days [3] | Removed from back-end storage within 30 days [1] | Removes from your activity, but already-reviewed conversations remain in the separate review store for up to 3 years [4] |
| Stricter option offered | Team, Enterprise, and the API: no training by default, custom retention, BAA available [3] | Team, Enterprise, and the API: no training on inputs by default, BAA available [5] | Gemini for Workspace and Vertex AI: prompts are not used to train models, no human review by default [6] |
All values retrieved from the providers’ own privacy pages in early 2026. Numbers and toggles can change at any time.
What “delete” means
All three providers describe deletion the same way in practice: when you press delete, the chat is queued for removal across active systems, caches, and backups, with a window of up to a month before it is fully gone. From Anthropic’s privacy center:
“Deleted from our back-end storage systems within 30 days.” privacy.claude.com, “How long do you store my data?” [1]
Google is the outlier worth understanding: deleting a Gemini conversation removes it from your activity, but if it had already been sampled for human review, the reviewed copy lives separately, disconnected from your account, for up to three years. [4] That is a different shape of guarantee than the OpenAI or Anthropic 30-day window.
Training data is a separate category
The training pipeline is governed by different rules than ordinary retention. All three providers say they de-link content from user identifiers before it is used for training, but de-linking is not anonymization. The content of a conversation can be identifying on its own. A long message that mentions your employer, your role, and the project you are working on does not need an email address attached to identify you.
“We de-link your data from your user ID (e.g. email address) before it’s used by Anthropic.” privacy.claude.com, “How do you use personal data in model training?” [2]
The defaults vary in the direction you would expect. Claude is opt-in for training. Gemini and ChatGPT are effectively opt-out: the toggle exists, but it ships on. If you want a guarantee that your messages are not retained as training material, find the toggle and check it, and check it again after major product updates.
Other people may read your messages
Even with the best intentions, providers maintain teams that can access user content for safety, abuse handling, and customer support. The exact details vary: Anthropic publishes specific retention windows for safety-flagged content (up to two years) and classifier scores (up to seven). Google has the most explicit human-reviewer pipeline of the three, with reviewed conversations stored for up to three years in a separate, disconnected system. OpenAI has a similar process described in less specific terms.
That is before subprocessors. Cloud providers, telemetry vendors, fraud detection vendors, and law enforcement requests sit downstream of every consumer chat product. Each one is a place where a determined attacker, an insider, or a court order can land on your data.
Free tiers are not the same as paid tiers
The strongest privacy promises generally come with the API or the enterprise plan, not the free chat product. ChatGPT Team and Enterprise, Claude Team and Enterprise, and Gemini for Workspace all promise that customer prompts are not used to train models by default. The same is true of the OpenAI API, Anthropic’s API, and Google Vertex AI. Some of these plans also guarantee zero retention beyond the request itself, and some let you sign a Business Associate Agreement for HIPAA workloads. None of that is true of the free consumer tier by default.
If you have ever wondered why companies pay for the API when ChatGPT is free, this is one reason.
Terms change
Privacy pages are not contracts in the strict sense. They are notices that can be updated. A toggle that protected you yesterday can be moved, renamed, or replaced. Defaults that were opt in can quietly become opt out. The reasonable assumption is that any message you send today might be governed by tomorrow’s policy, not today’s.
This is not a conspiracy claim. Every consumer software product evolves. The implication is just that the contents of your account history are worth thinking about as a lasting asset, not a disposable one.
What this means in practice
You do not need to memorize retention timelines. A few habits cover most of the risk:
- Read the privacy page of the specific product, not the marketing page. Look for the words “retain”, “train”, and “de-identified”.
- Find the training opt out and check it. Check it again after major product updates.
- Treat the free consumer chat tier as the most public option, and pick a more private one when the conversation calls for it.
- Ask yourself, before sending, whether you would be comfortable if a member of the safety team read this exact message tomorrow.
Sources
- Anthropic. How long do you store my data? Privacy Center. privacy.claude.com.
- Anthropic. How do you use personal data in model training? Privacy Center. privacy.claude.com.
- OpenAI. Privacy Policy and Data Controls FAQ. openai.com/policies/privacy-policy.
- Google. Gemini Apps Privacy Hub: Your data and Gemini Apps. support.google.com/gemini.
- Anthropic. Commercial Terms of Service. anthropic.com/legal/commercial-terms.
- Google Cloud. Generative AI and data governance (Vertex AI / Workspace). cloud.google.com.
More reading: how much personal data ends up in AI conversations, ways to share less personal data with AI assistants.